
New submitter SwampApe tips news that Uber has revealed a database breach from 2014. The company says the database contained names and driver's license numbers of their drivers, about 50,000 of which were accessed by an unauthorized third party. As part of their investigation into who was behind the breach, Uber has filed a lawsuit which includes a subpoena request for GitHub. "Uber's security team knows the public IP address used by the database invader, and wants to link that number against the IP addresses and usernames of anyone who looked at the GitHub-hosted gist in question – ID 9556255 – which we note today no longer exists. It's possible the gist contained a leaked login key, or internal source code that contained a key that should not have been made public."

schwit1 sends this report from the Washington Post: Cellphones didn't just arrive in Pakistan. But someone could be fooled into thinking otherwise, considering the tens of millions of Pakistanis pouring into mobile phone stores these days. In one of the world's largest — and fastest — efforts to collect biometric information, Pakistan has ordered cellphone users to verify their identities through fingerprints for a national database being compiled to curb terrorism. If they don't, their service will be shut off, an unthinkable option for many after a dozen years of explosive growth in cellphone usage here.

Prompted by concerns about a proliferation of illegal and untraceable SIM cards, the directive is the most visible step so far in Pakistan's efforts to restore law and order after Taliban militants killed 150 students and teachers at a school in December. Officials said the six terrorists who stormed the school in Peshawar were using cellphones registered to one woman who had no obvious connection to the attackers.

An anonymous reader writes: Face recognition software underwent a revolution in 2001 with the creation of the Viola-Jones algorithm. Now, the field looks set to dramatically improve once again: computer scientists from Stanford and Yahoo Labs have published a new, simple approach that can find faces turned at an angle and those that are partially blocked by something else. The researchers "capitalize on the advances made in recent years on a type of machine learning known as a deep convolutional neural network. The idea is to train a many-layered neural network using a vast database of annotated examples, in this case pictures of faces from many angles. To that end, Farfade and co created a database of 200,000 images that included faces at various angles and orientations and a further 20 million images without faces. They then trained their neural net in batches of 128 images over 50,000 iterations. ... What's more, their algorithm is significantly better at spotting faces when upside down, something other approaches haven't perfected."

jfruh writes: Despite privacy concerns and doubts over its usefulness, a plan to track passengers entering or leaving the European Union in a series of national databases is likely to become reality by the end of the year. Legislation working its way through the European Parliament will authorize European nations to set up databases of the sort already in use in the UK, and to share information with each other. All the EU parties except the Greens are in favor.

Vaccination rates across the U.S. don't neatly correlate with religiosity or wealth; Wired reports that one conspicuous pocket of low vaccination rates, according to California's state database of daycare records, is a place where you might not expect it: Silicon Valley — specifically, the daycare centers at some large tech companies.
A WIRED investigation shows that some children attending day care facilities affiliated with prominent Silicon Valley companies have not been completely vaccinated against preventable infectious diseases. At least, that’s according to a giant database from the California Department of Public Health, which tracks the vaccination rates at day care facilities and preschools in the state. We selected more than 20 large technology and health companies in the Bay Area and researched their day care offerings. Of 12 day care facilities affiliated with tech companies, six—that’s half—have below-average vaccination rates, according to the state’s data. ... And those six have a level of measles vaccination that does not provide the “herd immunity” critical to the spread of the disease. Now, this data has limitations—most critically, it might not be current. But it also suggests an incursion of anti-science, anti-vaccine thinking in one of the smartest regions on Earth.

An anonymous reader writes Anthem, the second-largest health insurer in the United States, has suffered a data breach that may turn out to be the largest health care breach to date, as the compromised database holds records of some 80 million individuals. Not much is known about how the attack was discovered, how it unfolded and who might be behind it, but the breach has been confirmed by the company's CEO Joseph Swedish in a public statement, in which he says they were the victims of a "very sophisticated external cyber attack." The company has notified the FBI, and has hired Mandiant to evaluate their systems and identify solutions to secure them.
Swedish said the breach is extensive: the vulnerable data included "names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, including income data," though "no credit card or medical information, such as claims, test results or diagnostic codes were targeted or compromised." (Also covered by Reuters.)

First time accepted submitter bronger writes After six years of closed-source development, the Research Centre Jülich published its database solution for laboratory samples and processes as open source, while continuing to maintain it. JuliaBase is a framework written in Python/Django that enables a research institution or research group to set up browser-based samples tracking and measurement management easily. Next to Bika and LabLey, this is one of the very few open source LIMS systems, and in contrast to the others, not specialized in biomedicine or service labs.

HughPickens.com writes The Independent reports that hacktivist group Anonymous, in a project named Operation DeathEaters, is calling for help in its fight against international pedophile networks, or what it calls the "paedosadist industry" and has issued a video instructing activists on how they can aid in the operation. The Anonymous project is intended to break what it says is a conspiracy of silence among sympathetic politicians, police and mainstream media to downplay the full extent of the online child sex industry. "The premise behind OpDeathEaters is to expose high level complicity, obstruction of justice and cover-up in the paedo-sadist industry in order to show the need for independent inquiries," says Heather Marsh, an online activist who is helping to co-ordinate the operation and describes herself as an "old friend" of Anonymous. The Anonymous database, which will be hosted on the GitHub online repository, promises to collate cases from all around the world, cross-referencing connections within sub-groups including the police, armed forces, schoolteachers, politicians, media, academics and religious organisations. The database's ultimate purpose has yet to be fully determined, but in the first instance the group says it wants to shut down the child-sex industry by "dismantling the power structure which held it there" and by "educating to create a cultural change".

The group is calling on volunteers to help with the ongoing work, which has been divided into three steps. The first is about collecting "all the factual information," second is to "share that information as widely as possible," and the third step is "to set up an independent, internationally linked, inquiry into all the areas which do not appear to have been investigated properly." Activists point to the muted media coverage given to a recent case in Washington DC in which Michael Centanni, a senior Republican fundraiser, was charged with child sex offences after investigators traced transmissions of child pornography to his computers in his basement. The case was not covered by The Washington Post or the New York Times, and was only picked up by a local NBC affiliate state and The Washington Examiner, a small conservative paper in the city.
According to the court filings, Centanni was found in possession of 3,000 images, many apparently filmed in his own bedroom, including one showing a man raping a five-year-old girl who cries "no" and "mommy" while the man says "good baby" and "stop crying," according to one filing.

A story at Ars Technica describes yet another Federal database of logged call details maintained by the Federal government which has now come to light, this one maintained by the Department of Justice rather than the NSA, and explains how it came to be discovered: [A] three-page partially-redacted affidavit from a top Drug Enforcement Agency (DEA) official, which was filed Thursday, explained that the database was authorized under a particular federal drug trafficking statute. The law allows the government to use "administrative subpoenas" to obtain business records and other "tangible things." The affidavit does not specify which countries records were included, but specifically does mention Iran. ... This database program appears to be wholly separate from the National Security Agency’s metadata program revealed by Edward Snowden, but it targets similar materials and is collected by a different agency. The Wall Street Journal, citing anonymous sources, reported Friday that this newly-revealed program began in the 1990s and was shut down in August 2013. From elsewhere in the article:
"It’s now clear that multiple government agencies have tracked the calls that Americans make to their parents and relatives, friends, and business associates overseas, all without any suspicion of wrongdoing," [said ACLU lawyer Patrick Toomey]. "The DEA program shows yet again how strained and untenable legal theories have been used to secretly justify the surveillance of millions of innocent Americans using laws that were never written for that purpose."

New submitter msubieta writes I have been developing some applications to use in small businesses using Windows and SQL Server. I would like to move on and start doing the same thing in Linux. I have looked at several Frameworks/Databases/Development environments and I really don't know what is the best/simplest/fastest to learn approach. I use VS and C# mostly, although I could easily go back to C++. I found Qt and GTK+ are the most common frameworks, but they seem to lack controls that deal with datasets and stuff (sorry, spoiled by the .net form controls), but I also know that I could use Mono in order to make the jump. I would have no problem on moving to MySQL, as I have done quite a lot of work on that side, and I would like to stick with the traditional client server application, as I find it easier to maintain, and a whole lot more robust when it comes to user interaction (web apps for POS applications don't seem to be the right way to go in my view). Any suggestions/comments/recommendations?

An anonymous reader sends this report from TorrentFreak:
The much-praised Chilling Effects DMCA archive has taken an unprecedented step by censoring its own website. Facing criticism from copyright holders, the organization decided to wipe its presence from all popular search engines. A telling example of how pressure from rightsholders causes a chilling effect on free speech. ... "After much internal discussion the Chilling Effects project recently made the decision to remove the site’s notice pages from search engines," Berkman Center project coordinator Adam Holland informs TF. "Our recent relaunch of the site has brought it a lot more attention, and as a result, we’re currently thinking through ways to better balance making this information available for valuable study, research, and journalism, while still addressing the concerns of people whose information appears in the database."

The ed17 writes Wikidata, Wikimedia's free linked database that supplies Wikipedia and its sister projects, is gearing up to submit a grant application to the EU that would expand Wikidata's scope by developing it as a science hub. ... This proposal is significant because no other open collaborative project ... can connect the free databases in the world across disciplinary and linguistic boundaries. ...the project will be capable of providing a unique open service: for the first time, that will allow both citizens and professional scientists from any research or language community to integrate their databases into an open global structure, to publicly annotate, verify, criticize and improve the quality of available data, to define its limits, to contribute to the evolution of its ontology, and to make all this available to everyone, without any restrictions on use and reuse.

An anonymous reader writes "Google's security research database has after a 90 day timeout automatically undisclosed a Windows 8.1 vulnerability which Microsoft hasn't yet patched. By design the system call NtApphelpCacheControl() in ahcache.sys allows application compatibility data to be cached for quick reuse when new processes are created. A normal user can query the cache but cannot add new cached entries as the operation is restricted to administrators. This is checked in the function AhcVerifyAdminContext(). Long story short, the aforementioned function has a vulnerability where it doesn't correctly check the impersonation token of the caller to determine if the user is an administrator. It hasn't been fully verified if Windows 7 is vulnerable. For a passer-by it is also hard to tell whether Microsoft has even reviewed the issue reported by the Google researcher. The database has already one worried comment saying that automatically revealing a vulnerability just like that might be a bad idea."

An anonymous reader writes Researchers from Moscow State University plan to build a database that will house the DNA of every creature known to man. The University has secured a $194 million grant for the project dubbed "Noah's Ark." The gigantic "ark," set to be completed by 2018, will be 430 sq km in size, built at one of the university's central campuses. "It will enable us to cryogenically freeze and store various cellular materials, which can then reproduce. It will also contain information systems. Not everything needs to be kept in a petri dish," MSU rector Viktor Sadivnichy says.

Der Spiegel has published today an excellent summary of what some of Edward Snowden's revelations show about the difficulty (or, generally, ease) with which the NSA and collaborating intelligence services can track, decrypt, and correlate different means of online communication. An interesting slice: The NSA and its allies routinely intercept [HTTPS] connections -- by the millions. According to an NSA document, the agency intended to crack 10 million intercepted https connections a day by late 2012. The intelligence services are particularly interested in the moment when a user types his or her password. By the end of 2012, the system was supposed to be able to "detect the presence of at least 100 password based encryption applications" in each instance some 20,000 times a month.
For its part, Britain's GCHQ collects information about encryption using the TLS and SSL protocols -- the protocols https connections are encrypted with -- in a database called "FLYING PIG." The British spies produce weekly "trends reports" to catalog which services use the most SSL connections and save details about those connections. Sites like Facebook, Twitter, Hotmail, Yahoo and Apple's iCloud service top the charts, and the number of catalogued SSL connections for one week is in the many billions -- for the top 40 sites alone. ...
The NSA also has a program with which it claims it can sometimes decrypt the Secure Shell protocol (SSH). This is typically used by systems administrators to log into employees' computers remotely, largely for use in the infrastructure of businesses, core Internet routers and other similarly important systems. The NSA combines the data collected in this manner with other information to leverage access to important systems of interest.

An anonymous reader writes isoHunt, the group now best known for launching The Old Pirate Bay, has shared an update a week after debuting The Open Bay. The Pirate Bay, the most popular file sharing website on the planet, still isn't back following police raids on its data center in Sweden, but its "cause" is very much alive. So far, 372 "copies" of The Pirate Bay have been created thanks to the project. The torrent database dump, which combines content from isoHunt, KickassTorrents (via its public API), and The Old Pirate Bay, has seen 1,256 downloads to date.

theodp writes "Investors have poured over $2 billion into businesses built on Hadoop," writes the WSJ's Elizabeth Dwoskin, "including Hortonworks Inc., which went public last week, its rivals Cloudera Inc. and MapR Technologies, and a growing list of tiny startups. Yet companies that have tried to use Hadoop have met with frustration." Dwoskin adds that Hadoop vendors are responding with improvements and additions, but for now, "It can take a lot of work to combine data stored in legacy repositories with the data that's stored in Hadoop. And while Hadoop can be much faster than traditional databases for some purposes, it often isn't fast enough to respond to queries immediately or to work on incoming information in real time. Satisfying requirements for data security and governance also poses a challenge."

An anonymous reader sends word that Apple's iTunes DRM case has already been decided. The 8-person jury took only a few hours to decide that the features introduced in iTunes 7.0 were good for consumers and did not violate antitrust laws.
Following the decision, the plaintiff's head attorney Patrick Coughlin said an appeal is already planned. He also expressed frustrations over getting two of the security features — one that checks the iTunes database, and another that checks each song on the iPod itself — lumped together with the other user-facing features in the iTunes 7.0 update, like support for movies and games. "At least we got a chance to get it in front of the jury," he told reporters. ... All along, Apple's made the case that its music store, jukebox software, and hardware was simply an integrated system similar to video game consoles from Sony, Microsoft, and Nintendo. It built all those pieces to work together, and thus it would be unusual to expect any one piece from another company to work without issues, Apple's attorneys said. But more importantly, Apple offered, any the evolution of its DRM that ended up locking out competitors was absolutely necessary given deals it had with the major record companies to patch security holes.
